I'm looking for a quick way to protect a Tomcat instance and all webapps running on it, so that accessing any page requires credentials (simple username/passwd).

I guess Realm is the "proper" way to do it, but that doesn't seem very simple to set up. We would prefer a way where you don't have to change the webapps themselves at all. Anyone know if there's a "quick and dirty" way to achive that?

3 Answers
3

(1) If you can modify the web.xml of your webapps, just put in a few lines into the web.xml to require basic authentication. The trick is to make sure that the user has been designated a role in the tomcat-users.xml that matches the role defined in the auth-constraint section of the web.xml: